Despite claims of immutability and decentralization, cryptocurrencies and public blockchains, including Bitcoin and Ethereum, are not quite delivering on their promises and are seeing a concentration of power in the hands of a few players.
A new report, commissioned by the US Defense Advanced Research Projects Agency (DARPA) and produced by software security research company Trail of Bits, examines the fundamental properties of blockchains and the cybersecurity risks associated with them, highlighting “unintended centralities” in distributed ledgers like Bitcoin.
Findings from the Trail of Bits research shows that blockchain immutability can be broken and that various actors could theoretically garner excessive and centralized control over a network.
First, the research found that the Nakamoto coefficient, a metric which gauges the decentralized nature of a blockchain by identifying the number of entities sufficient to disrupt a public blockchain, is relatively low for most popular public blockchain networks, indicating that the level of centralization is rather high.
For Bitcoin, for example, the Nakamoto coefficient stands at four because taking control of the four largest mining pools would provide a hashrate sufficient to execute a so-called 51% attack.
A 51% attack refers to an attack in which a single malicious actor or organization manages to control more than half of the total hashing power of the network, providing them with the ability to override the consensus mechanism of the network and commit malicious acts such as double spending.
For Ethereum, the Nakamoto coefficient is three, and for most proof-of-stake (PoS) networks, like Solana, Cosmos and Polygon, the coefficient is less than a dozen, the report says.
Another troubling find is that 60% of all Bitcoin traffic goes through only three Internet service providers (ISPs), a state that is concerning because these ISPs and hosting providers could potentially “arbitrarily degrade or deny service to any node,” the report says.
“Let’s say somebody with great top-down control of the Internet in their country starts to interfere with that network: they can rewrite history, they can censor transactions, they can make it so that you can’t spend your Bitcoin,” Trail of Bits CEO Dan Guido told NPR in an interview. “It’s definitely something people would want to do if they want to ‘grief’ the network.”
Additionally, the research found that a staggering 21% of Bitcoin nodes are running an old version of the Bitcoin core client that is known for having vulnerabilities. These computers could be targeted by an attacker looking to take over the majority of a blockchain network.
Centralization of popular cryptocurrency networks like Bitcoin comes as a result of the expansion and growth of the ecosystem, but it has ultimately derailed cryptocurrencies from their original course and introduced risks.
Before China’s crypto mining ban in May 2021, the country accounted for most of Bitcoin mining, data from the Cambridge University’s Cambridge Centre for Alternative Finance (CCAF) show. At its peak, China accounted for over three quarters of all Bitcoin mining, implying that the country could have potentially mounted a 51% attack.
Although Bitcoin has so far never suffered a 51% attack, other blockchain networks have. One of the biggest attacks targeted Bitcoin Gold and saw a reported US$18 million worth of crypto being stolen back in 2018.
Featured image credit: Based on image by fanjianhua and image by fullvector via Freepik
